App Registration v1.0

The screenshots on this page are in conjunction with the Excel API > Using VS Code with TypeScript SSO project.

link - learn.microsoft.com/en-gb/office/dev/add-ins/develop/register-sso-add-in-aad-v2

Open a browser and login to your Azure Active Directory admin center with an administrator account.
On the left hand side, underneath Favorites, click on "Azure Active Directory".
At the top select (Add > App registration).

alt text

Registration & Authentication

Enter or choose the following items.

alt text

Name - "Excel-TypeScript-SSO" (this is the name of your VS Code project)
Supported account types - "Accounts in any organizational directory (Any Azure AD directory - Multitenant)"
Office Add-in Apps must be multi-tenant, they cannot be single tenant.
Redirect URI - leave this blank
Press Register.
Click on Authentication, under Manage.
Under Platform configurations, click on "Add a platform".

alt text

Select the Web platform from the list of options.
Enter or choose the following items.

alt text

Redirect URIs - https://localhost:8080/taskpane.html (your port number might be different)
Access tokens - Tick this box. Used for implicit flows
ID tokens - Tick this box. Used for implicit and hybrid flows
Press Configure.
Once the Web platform has been added, press Add URI to add another Redirect URI.
URI - https://localhost:8080/fallbackauthdialog.html
Press Save.

alt text

Certificates and Secrets

Click on Certificates & secrets, under Manage.
Select the Client Secrets tab, click on New client secret.

alt text

Enter or choose the following items.

alt text

Description - "anything"
Expires - "Recommended 6 months"
Press Add.
Once the new secret has been added to the list, make sure you copy the "Value".
You will need to add this value to your Visual Studio Code project.

alt text

Expose an API

Click on Expose an API, under Manage.
At the very top press the Set button.

alt text

Add "localhost:8080/" before the protocol and the unique ID of the application. Your ID will be different.

alt text

Press Save.
Under Scopes defined by this API, press "Add a scope".
Enter or choose the following items.

alt text

scope name - "access_as_user"
Who can consent - "Admins and users"
Admin consent display name - "Office can act as the user"
Admin consent description - "Enable Office to call the add-in's web APIs with the same rights as the current user."
User consent display name - "Office can act as you"
User consent description - "Enable Office to call the add-in's web APIs with the same rights that you have."
State - Enabled
Press Add scope.

alt text

Under Authorized client applications, press "Add a client application".
Enter or choose the following items.

alt text

Client Id - d3590ed6-52b3-4102-aeff-aad2292ab01c (for Microsoft Office)
Authorized scopes - Tick this box.
Press Add application.
Repeat this for another 4 Application GUIDS.
ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (for Microsoft Office)
57fb890c-0dab-4253-a5e0-7188c88b2bb4 (for Office on the web)
08e18876-6177-487e-b8b5-cf950c1e598c (for Office on the web)
bc59ab01-8403-45c6-8796-ac3ef710b3e3 (for Outlook on the web)

alt text

API permissions

Add the permissions for accessing Microsoft Graph.
Click on API permissions, under Manage.
Under Configured permissions, click on "Add a permission".

alt text

On the Select an API screen, select Microsoft Graph.

alt text

Select Delegated permissions.

alt text

Select the following permissions from the list.

alt text

openid - Sign users in
profile - View user's basic profile
Press Add permissions.
Once the permissions have been added, press the "Grant admin consent for CompanyName" (only needed for MSAL).

alt text

Press Yes on the confirmation prompt.

alt text

Overview

Check the overview page to double check you have added everything.
Click on Overview, under Manage.
Under the Display name, make sure you copy the "Application (client) ID".
You will need to add this value to your Visual Studio Code project.

alt text

That is the registration part completed.


Windows Credentials with PowerShell

The last step is to create a new client secret and save it to your machine's local secret store.
For this step you will need your username.
Typing the word "System" into the Windows Search bar will display this information.
Typing the word "PowerShell" into the Windows Search bar will open this application.
Type the following lines one at a time and press Enter after each line.

alt text
$ssoAppName = "Excel-TypeScript-SSO" 
$user = "UserName" 
$secret = "SecretValue" 
[void][Windows.Security.Credentials.PasswordVault, Windows.Security.Credentials, ContentType = WindowsRuntime] 
$creds = New-Object Windows.Security.Credentials.PasswordCredential 
$creds.Resource = $ssoAppName 
$creds.UserName = $user 
$creds.Password = $secret 
$vault = New-Object Windows.Security.Credentials.PasswordVault 
$vault.add($creds)

Typing the word "Credentials" into the Windows search bar will display the Credential Manager application.
Check that the Web Password has been added successfully.

© 2023 Better Solutions Limited. All Rights Reserved. © 2023 Better Solutions Limited TopPrevNext